Hallo liebe Community,

ich wurde heute leider auch von der Malware-Welle "Security Tool" betroffen.
Hab die super Anleitung hier im Forum befolgt und das Programm scheint erfolgreich entfernt zu sein (nach mehrmaligem ausführen der empfohlenen Programme). Nun wollte euch meine Logs posten um sicher zu gehen, dass auch alles entfernt ist

Hoffe es kann mal wer ein Auge drauf werfen.

HijackThis / RSIT

RSIT Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Logfile of random's system information tool 1.08 (written by random/random)
Run by ****** at 2010-08-27 16:35:01
Microsoft Windows 7 Ultimate 
System drive C: has 118 GB (25%) free of 477 GB
Total RAM: 4087 MB (68% free)
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:35:08, on 27.08.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\FRAPS\fraps.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Vtune\TBPANEL.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\*****\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\******.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rslsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9062 bytes
 
======Registry dump======
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-04-18 41760]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-07-24 2245120]
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files (x86)\steam\steam.exe [2010-08-24 1242448]
"TBPanel"=C:\Program Files (x86)\Vtune\TBPanel.exe [2009-10-05 2158592]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 
======File associations======
 
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
 
======List of files/folders created in the last 1 months======
 
2010-08-27 16:35:01 ----D---- C:\rsit
2010-08-27 16:35:01 ----D---- C:\Program Files (x86)\trend micro
2010-08-27 14:33:48 ----D---- C:\Users\*****\AppData\Roaming\Malwarebytes
2010-08-27 14:33:42 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2010-08-27 14:33:41 ----D---- C:\ProgramData\Malwarebytes
2010-08-27 14:33:41 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-08-25 11:29:51 ----D---- C:\Program Files (x86)\Smart Projects
2010-08-24 22:48:59 ----D---- C:\Windows\6833245EDD86479A882A8360D62C8194.TMP
2010-08-24 12:34:04 ----D---- C:\Users\*****\AppData\Roaming\PowerUp Software
2010-08-24 12:32:47 ----D---- C:\ProgramData\PowerUp Software
2010-08-24 12:31:20 ----RS---- C:\Windows\SysWOW64\msstkprp.dll
2010-08-24 12:31:20 ----A---- C:\Windows\SysWOW64\VB5DB.DLL
2010-08-24 12:31:20 ----A---- C:\Windows\SysWOW64\SSubTmr6.dll
2010-08-24 12:31:20 ----A---- C:\Windows\SysWOW64\dx7vb.dll
2010-08-24 12:31:20 ----A---- C:\Windows\SysWOW64\dsofile.dll
2010-08-24 12:31:20 ----A---- C:\Windows\SysWOW64\capicom.dll
2010-08-24 12:31:19 ----N---- C:\Windows\SysWOW64\ADsSecurity.dll
2010-08-24 12:31:19 ----D---- C:\Program Files (x86)\PowerUp Software
2010-08-24 12:31:19 ----A---- C:\Windows\SysWOW64\zlib.dll
2010-08-24 12:31:19 ----A---- C:\Windows\SysWOW64\dxinputdll.dll
2010-08-23 10:53:40 ----D---- C:\Program Files (x86)\CCleaner
2010-08-23 10:52:40 ----D---- C:\Program Files (x86)\ProcessExplorer
2010-08-20 17:58:01 ----D---- C:\ProgramData\ASign
2010-08-15 22:38:43 ----D---- C:\Users\*****\AppData\Roaming\Mael
2010-08-15 22:36:54 ----D---- C:\Program Files (x86)\HxD
2010-08-15 21:33:42 ----D---- C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2010-08-15 21:33:30 ----D---- C:\ProgramData\NVIDIA Corporation
2010-08-15 21:32:14 ----A---- C:\Windows\SysWOW64\OpenCL.dll
2010-08-15 21:32:14 ----A---- C:\Windows\SysWOW64\nvwgf2um.dll
2010-08-15 21:32:13 ----A---- C:\Windows\SysWOW64\nvoglv32.dll
2010-08-15 21:32:13 ----A---- C:\Windows\SysWOW64\nvdecodemft.dll
2010-08-15 21:32:11 ----A---- C:\Windows\SysWOW64\nvcuvid.dll
2010-08-15 21:32:11 ----A---- C:\Windows\SysWOW64\nvcuvenc.dll
2010-08-15 21:32:10 ----A---- C:\Windows\SysWOW64\nvcuda.dll
2010-08-15 21:32:10 ----A---- C:\Windows\SysWOW64\nvcompiler.dll
2010-08-15 21:28:46 ----A---- C:\Windows\SysWOW64\XAudio2_7.dll
2010-08-15 21:28:46 ----A---- C:\Windows\SysWOW64\XAPOFX1_5.dll
2010-08-15 21:28:43 ----A---- C:\Windows\SysWOW64\xactengine3_7.dll
2010-08-15 21:28:43 ----A---- C:\Windows\SysWOW64\D3DX9_43.dll
2010-08-15 21:28:43 ----A---- C:\Windows\SysWOW64\d3dx11_43.dll
2010-08-15 21:28:43 ----A---- C:\Windows\SysWOW64\d3dx10_43.dll
2010-08-15 21:28:43 ----A---- C:\Windows\SysWOW64\d3dcsx_43.dll
2010-08-15 21:28:43 ----A---- C:\Windows\SysWOW64\D3DCompiler_43.dll
2010-08-15 15:31:29 ----D---- C:\Users\******\AppData\Roaming\vlc
2010-08-14 14:17:09 ----D---- C:\ProgramData\Media Center Programs
2010-08-14 14:17:05 ----D---- C:\Program Files (x86)\Common Files\BioWare
2010-08-14 00:06:52 ----D---- C:\Program Files (x86)\Saints Row 2
2010-08-13 13:26:37 ----D---- C:\ProgramData\Intenium
2010-08-09 00:47:29 ----D---- C:\Program Files (x86)\Gmask 1.70 English
2010-08-06 18:50:53 ----D---- C:\Program Files (x86)\GameSpy Arcade
2010-08-03 00:04:11 ----D---- C:\Program Files (x86)\YouTube Downloader
2010-08-02 23:57:19 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft
2010-08-02 23:57:18 ----A---- C:\Windows\SysWOW64\msvcr70.dll
2010-08-02 23:51:29 ----D---- C:\Program Files (x86)\TubeBox!
2010-08-01 17:20:36 ----A---- C:\Windows\SysWOW64\RSLSP.dll
2010-08-01 17:20:34 ----D---- C:\Program Files (x86)\Ratajik Software
2010-08-01 02:31:56 ----A---- C:\Windows\SysWOW64\iacenc.dll
2010-08-01 02:25:50 ----A---- C:\Windows\SysWOW64\LMRTREND.dll
2010-08-01 02:25:50 ----A---- C:\Windows\SysWOW64\LMRT.dll
2010-08-01 02:25:50 ----A---- C:\Windows\SysWOW64\dxtmsft3.dll
2010-08-01 02:25:49 ----A---- C:\Windows\SysWOW64\unam4ie.exe
2010-08-01 02:25:49 ----A---- C:\Windows\SysWOW64\strmdll.dll
2010-08-01 02:25:48 ----A---- C:\Windows\SysWOW64\vidx16.dll
2010-08-01 02:25:48 ----A---- C:\Windows\SysWOW64\danim.dll
2010-08-01 02:25:47 ----A---- C:\Windows\SysWOW64\qcut.dll
2010-08-01 02:25:45 ----A---- C:\Windows\SysWOW64\w95inf32.dll
2010-08-01 02:25:45 ----A---- C:\Windows\SysWOW64\w95inf16.dll
2010-08-01 02:24:27 ----A---- C:\Windows\IsUn0407.exe
2010-07-31 21:20:31 ----D---- C:\Users\******\AppData\Roaming\InstallShield
 
======List of files/folders modified in the last 1 months======
 
2010-08-27 16:35:08 ----D---- C:\Windows\Prefetch
2010-08-27 16:35:03 ----D---- C:\Windows\Temp
2010-08-27 16:35:01 ----RD---- C:\Program Files (x86)
2010-08-27 16:33:07 ----D---- C:\Windows
2010-08-27 16:33:07 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-08-27 16:21:57 ----D---- C:\Program Files (x86)\Steam
2010-08-27 16:21:46 ----D---- C:\Program Files (x86)\FRAPS
2010-08-27 16:21:38 ----D---- C:\ProgramData\NVIDIA
2010-08-27 14:33:42 ----D---- C:\Windows\SysWOW64\drivers
2010-08-27 14:33:41 ----HD---- C:\ProgramData
2010-08-27 13:57:04 ----D---- C:\Windows\System32
2010-08-27 13:57:04 ----D---- C:\Windows\inf
2010-08-26 13:42:59 ----D---- C:\Program Files (x86)\JDownloader
2010-08-26 10:39:51 ----SHD---- C:\Windows\Installer
2010-08-26 10:39:30 ----RSD---- C:\Windows\assembly
2010-08-26 10:33:07 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-08-26 10:33:04 ----SHD---- C:\System Volume Information
2010-08-26 10:32:54 ----D---- C:\GAMES
2010-08-25 20:16:41 ----RD---- C:\Program Files
2010-08-25 14:07:33 ----D---- C:\Users\******\AppData\Roaming\ICQ
2010-08-25 14:07:02 ----D---- C:\Program Files (x86)\ICQ7.1
2010-08-24 22:48:50 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-08-24 12:33:04 ----D---- C:\Program Files (x86)\Common Files\Steam
2010-08-24 12:31:20 ----D---- C:\Windows\SysWOW64
2010-08-24 11:31:45 ----SD---- C:\Users\******\AppData\Roaming\Microsoft
2010-08-24 09:41:29 ----D---- C:\Users\******\AppData\Roaming\Skype
2010-08-23 16:13:33 ----D---- C:\Windows\Minidump
2010-08-23 16:13:33 ----D---- C:\Windows\debug
2010-08-20 18:14:32 ----A---- C:\Windows\SysWOW64\wrap_oal.dll
2010-08-20 18:14:32 ----A---- C:\Windows\SysWOW64\OpenAL32.dll
2010-08-20 17:45:33 ----SD---- C:\ProgramData\Microsoft
2010-08-15 21:28:57 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2010-08-15 19:39:18 ----D---- C:\Users\******\AppData\Roaming\nHancer
2010-08-15 19:34:13 ----RD---- C:\Users
2010-08-14 14:17:05 ----D---- C:\Program Files (x86)\Common Files
2010-08-14 11:39:47 ----D---- C:\Users\******\AppData\Roaming\dvdcss
2010-08-13 13:25:35 ----D---- C:\Program Files (x86)\SFT Loader 2009 Final
2010-08-12 19:54:11 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2010-08-12 18:50:53 ----D---- C:\Program Files (x86)\Opera
2010-08-12 18:33:57 ----A---- C:\Windows\SysWOW64\PnkBstrB.exe
2010-08-09 01:05:09 ----D---- C:\Program Files (x86)\Ask.com
2010-08-06 13:30:48 ----D---- C:\ProgramData\Tunngle
2010-08-06 13:30:47 ----D---- C:\Users\******\AppData\Roaming\Tunngle
2010-08-01 02:25:50 ----D---- C:\Program Files (x86)\Windows Media Player
2010-08-01 02:25:49 ----D---- C:\Windows\Help
2010-07-31 22:38:52 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2010-07-31 21:21:19 ----D---- C:\Program Files (x86)\NCsoft
2010-07-29 17:48:08 ----D---- C:\ProgramData\Blizzard Entertainment
2010-07-29 17:48:08 ----D---- C:\Program Files (x86)\Common Files\Blizzard Entertainment
 
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R0 BtHidBus;Bluetooth HID Bus Service; C:\Windows\System32\Drivers\BtHidBus.sys []
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys []
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys []
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys []
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys []
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
S2 TBPanel;TBPanel; C:\Windows\SysWOW64\drivers\TBPanel.sys []
S3 ampw6ow0;ampw6ow0; C:\Windows\SysWOW64\drivers\ampw6ow0.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys []
S3 E1G60;Intel(R) PRO/1000 NDIS 6-Adaptertreiber; C:\Windows\system32\DRIVERS\E1G6032E.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys []
S3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\DRIVERS\LVUSBS64.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V64.SYS []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys []
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
 
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-07-20 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2010-08-12 215128]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
R2 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2010-07-06 716024]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-08-24 407336]
S2 PinnacleUpdateSvc;PinnacleUpdate Service; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [2010-08-08 413696]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 653616]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-09-08 575488]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
 
-----------------EOF-----------------
         

--- --- ---



Malwarebytes' Anti Malware

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4488

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.08.2010 14:37:27
mbam-log-2010-08-27 (14-37-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 130314
Laufzeit: 2 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\*****\AppData\Local\Temp\LRiOCFPjFS.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Local\Temp\0.2624918224770021.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4488

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.08.2010 16:20:10
mbam-log-2010-08-27 (16-20-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 371738
Laufzeit: 42 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEHFZYBN\setup[1].exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

Vielen Dank im vorraus!


greetz

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.